CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3930 – QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
https://notcve.org/view.php?id=CVE-2021-3930
10 Dec 2021 — An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido... • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3620 – Ansible: ansible-connection module discloses sensitive info in traceback error message
https://notcve.org/view.php?id=CVE-2021-3620
15 Oct 2021 — A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el módulo ansible-connection de Ansible Engine, en el que información confidencial, como las credenciales de usuario de Ansible, es revelado por defecto en el mensaje de error de rastreo. La mayor amenaza de esta vulnerabilidad es l... • https://bugzilla.redhat.com/show_bug.cgi?id=1975767 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
28 Jan 2021 — A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causan... • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 11%CPEs: 15EXPL: 2CVE-2020-14364 – QEMU: usb: out-of-bounds r/w access issue while processing usb packets
https://notcve.org/view.php?id=CVE-2020-14364
31 Aug 2020 — An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. Se encontró un fallo de acceso de lectura/escritura fuer... • https://github.com/gejian-iscas/CVE-2020-14364 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 27EXPL: 1CVE-2019-14900 – hibernate: SQL injection issue in Hibernate ORM
https://notcve.org/view.php?id=CVE-2019-14900
12 May 2020 — A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. Se encontró un fallo en Hibernate ORM en versiones anteriores a 5.3.18, 5.4.18 y 5.5.0.Beta1. Una inyección SQL en la implementación de la API JPA Criteria pu... • https://github.com/shanika04/hibernate-orm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1758 – keycloak: improper verification of certificate with host mismatch could result in information disclosure
https://notcve.org/view.php?id=CVE-2020-1758
12 May 2020 — A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. Se encontró un fallo en Keycloak en versiones anteriores a 10.0.0, donde no se lleva a cabo una verificación del nombre de host TLS mientras se envía correos electrónicos utilizando el servidor SMTP. Este fallo permite a un atacante llevar a cabo un ataque de tipo man-in-the-middl... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10685 – Ansible: modules which use files encrypted with vault are not properly cleaned up
https://notcve.org/view.php?id=CVE-2020-10685
22 Apr 2020 — A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only clear... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685 • CWE-459: Incomplete Cleanup •
CVSS: 7.9EPSS: 0%CPEs: 12EXPL: 0CVE-2020-10684 – Ansible: code injection when using ansible_facts as a subkey
https://notcve.org/view.php?id=CVE-2020-10684
24 Mar 2020 — A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. Se descubrió un fallo en Ansible Engine, todas las version... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-862: Missing Authorization •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1711 – QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server
https://notcve.org/view.php?id=CVE-2020-1711
03 Feb 2020 — An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Se detectó una fallo de acceso al búfer de la pila fuera de l... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 2CVE-2019-14859 – python-ecdsa: DER encoding is not being verified in signatures
https://notcve.org/view.php?id=CVE-2019-14859
18 Nov 2019 — A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Se encontró un fallo en todas las versiones de python-ecdsa anteriores a la versión 0.13.3, donde no se comprobaba correctamente si las firmas usaban codificación DER. Sin esta... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 • CWE-347: Improper Verification of Cryptographic Signature •